Platform: java
Component: wso2-api-manager
Fixed in: 3.1.0, 3.1.0.351, 3.2.0.455, 3.2.1.74, 4.0.0.375, 4.1.0.238, 5.10.0.360, 5.11.0.405
CVE-2025-6024 describes a Cross-Site Scripting (XSS) vulnerability discovered in WSO2 API Manager. The flaw allows an attacker to inject script into the authentication endpoint, which can be used to redirect users or manipulate the UI. The vulnerability is recorded as affecting versions from 0.0.0 up to and including 5.11.0.405; the fix is available in version 5.11.0.405 (the fixed version for each release branch is listed under "Fixed in").
Successful exploitation of CVE-2025-6024 allows an attacker to inject arbitrary JavaScript code into the WSO2 API Manager authentication endpoint. This can be leveraged to redirect users to malicious websites, steal sensitive information displayed on the page, or modify the appearance and behavior of the web interface. While session hijacking is mitigated by the httpOnly flag on session cookies, the attacker can still perform phishing attacks or deface the login page to harvest credentials. The blast radius is limited to users interacting with the authentication endpoint, but a compromised API Manager instance could impact numerous users and downstream services.
CVE-2025-6024 was publicly disclosed on 2026-04-16. No public proof-of-concept (POC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate probability of exploitation if a suitable POC is developed and widely disseminated.
Exploit Status
EPSS: 0.01% (1st percentile)
The primary mitigation for CVE-2025-6024 is to upgrade WSO2 API Manager to version 5.11.0.405 or later, which includes the fix. If immediate upgrading is not possible, consider a Web Application Firewall (WAF) rule that filters potentially malicious input to the authentication endpoint, looking for patterns indicative of script injection attempts; treat this as a stopgap, since pattern filters can be bypassed and do not correct the missing output encoding. Validate all user-supplied input and encode it for the HTML context in which it is rendered before writing it into the page. After upgrading, confirm the fix by attempting to inject a simple JavaScript payload into the authentication endpoint and verifying that it is returned properly encoded and does not execute.
Update WSO2 API Manager to version 3.1.0.351 or later, 3.2.0.455 or later, 3.2.1.74 or later, 4.0.0.375 or later, 4.1.0.238 or later, 5.10.0.360 or later, or 5.11.0.405 or later to mitigate the Cross-Site Scripting (XSS) vulnerability.
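The mitigation advice above names three things: a WAF-style screen for script-injection indicators, output encoding of user-supplied input before rendering, and a post-upgrade check that a reflected payload no longer comes back raw. The following is an added example illustrating all three; it is not WSO2 code and not taken from the advisory. The request lines, the `/auth/login` path and the `errorMsg`/`redirect` parameter names are constructed for the example and are not the product's actual endpoint or parameters.

```python
"""
Added example (not WSO2 code, not from the advisory): a WAF-style screen
for script-injection indicators run over constructed request lines, the
HTML-body output encoding that actually fixes reflected XSS, and a check
that the encoded page no longer contains the raw marker.
"""
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Indicators a WAF rule might look for, matched case-insensitively against
# the fully decoded parameter value. A screen like this is a stopgap: it can
# be bypassed and it does not repair the missing output encoding.
SCRIPT_INJECTION_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"<\s*(iframe|svg|img|object|embed)\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),                 # inline event handlers
    re.compile(r"<\s*/?\s*[a-z][a-z0-9]*[^>]*>", re.I),  # any other HTML tag
]


def decode_param(value: str, rounds: int = 3) -> str:
    """Undo URL encoding repeatedly so a double-encoded value is inspected in
    the form the application would eventually see."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_query(query_string: str) -> list:
    """Return (parameter name, matched pattern) for each suspicious parameter."""
    findings = []
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        for raw in values:
            decoded = decode_param(raw)
            for pattern in SCRIPT_INJECTION_PATTERNS:
                if pattern.search(decoded):
                    findings.append((name, pattern.pattern))
                    break
    return findings


# Constructed request lines (not real traffic); /auth/login and the parameter
# names are placeholders, not the product's real endpoint.
SAMPLE_REQUESTS = [
    "GET /auth/login?username=alice&remember=true",
    "GET /auth/login?errorMsg=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "GET /auth/login?redirect=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E",
]


def scan_requests(lines: list) -> dict:
    """Run the screen over request lines; keys are the flagged lines."""
    results = {}
    for line in lines:
        _method, _, target = line.partition(" ")
        findings = flag_query(urlsplit(target).query)
        if findings:
            results[line] = findings
    return results


def render_error_unsafe(message: str) -> str:
    """The defect class: a user-controlled value interpolated straight into HTML."""
    return f'<div class="error">{message}</div>'


def render_error(message: str) -> str:
    """The fix: encode for the HTML body context before interpolation."""
    return f'<div class="error">{html.escape(message, quote=True)}</div>'


def marker_reflected_raw(page: str, marker: str) -> bool:
    """Post-upgrade check: does the submitted marker appear verbatim, i.e.
    unencoded, in the response? Use an inert marker such as a harmless tag."""
    return marker in page


if __name__ == "__main__":
    for line, findings in scan_requests(SAMPLE_REQUESTS).items():
        print(line, "->", findings)
    marker = "<b>xss-check</b>"
    print("unsafe page reflects raw marker:", marker_reflected_raw(render_error_unsafe(marker), marker))
    print("encoded page reflects raw marker:", marker_reflected_raw(render_error(marker), marker))
```

The third sample request is double URL-encoded, which is why `decode_param` loops: a rule that inspects only the once-decoded value would miss it. The encoding in `render_error` is specific to an HTML body context; a value placed into an attribute, a URL or a script block needs the encoder for that context instead.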
CVE-2025-6024 is an XSS vulnerability in WSO2 API Manager allowing attackers to inject scripts via the authentication endpoint, potentially redirecting users or manipulating the UI.
Yes, if you are using WSO2 API Manager versions 0.0.0 through 5.11.0.405, you are potentially affected by this vulnerability.
Upgrade WSO2 API Manager to version 5.11.0.405 or later to resolve the vulnerability. Consider WAF rules as a temporary mitigation.
Currently, there is no confirmed active exploitation of CVE-2025-6024, but the lack of a public POC does not guarantee it won't be exploited in the future.
Refer to the official WSO2 security advisory for detailed information and updates regarding CVE-2025-6024: https://wso2.com/security/vulnerability/CVE-2025-6024/